SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote malicious users to execute arbitrary SQL commands via the album parameter in a photos action.
cmscout cmscout 2.08